Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Me: *Watching a movie*
Main Character: "Oh no, we have to hack the CIA to figure out how this machine works! Hacker girl, do the stuff"
Hacker Girl: "Consider it done!"
Hacker Girl: *Opens Linux bash*
Hacker Girl: *types 'mkdir Hack_CIA'
Hacker Girl: "They have two-factor authentication in place, this is going to be a hard one."
Hacker Girl: *Types 'cd Hack_CIA'*
Hacker Girl: "I'm in!"
Me: "..."
Friend: "Wow, so well done, so realistic!"
Me: *Dies*81 -
"Do you have 2 factor auth for the database?"
a customer asked. I stared on the wall in front of me and suddenly fel and urge to punch and piss on something.
I took a deep breath while thinking to myself
*Oh boy, here we go. Another retard*
I put on my nice voice and asked:
"What you mean?"
The customer seems confused, as if my question did not make sense and he said:
"TWO FACTOR AUTHENTICATION! Dont you know what it is? To make the database more secure."
I was fucking right, this person reads to much shit. The fact that the email signature of that person said "Wordpress Developer" made me more angry.
I, still with the nice voice asked
"How would that work?"
"Two factor authentication when I am connecting to the database."
"So, do you want it by SMS then? You'll get alot of messages if it is going to send you one every time a query is made."
The following 7 seconds was dead silent until I heard the person hang up.3 -
Client asked for Two Factor Authentication as a part of the webapp we're building and then were confused as to why they needed a second password to login
"we don't want to add an extra step into the login process, can you remove it please"
fml6 -
I can add two-factor authentication to GitHub, but my online banking password must have EXACTLY 5 characters...14
-
Question regarding implementing two factor authentication.
I want to implement 2FA for at least one service I'm writing but I'm wondering, next to email, what services/implementations could I use?
I know that email isn't the best when it comes to security but I also don't want to force (a-technical) users to install an app specifically for 2FA so keeping email as an option as well.
But except for email, any ideas? Anything related to Google/facebook (prism integrated services) are a no go anyways (this has, as mentioned before, nothing to do with my ego or giving myself 'a pat on the back')
As for costs, I don't mind a little bit of money but the service will be free at first and I'm not rich :)
Looking forward to the comments!22 -
Fuck you Amazon.
Fuck your two factor authentication.
Fuck your PINs over SMS that take 1 hour to arrive.
Fuck you.7 -
Read a blog post at work yesterday from the company head of IT security. Line 1:
As part of our company policy we enforce the use of usernames and passwords, known as two factor authentication. However we also need to ensure.....
Stopped listening at this point as I hit Google to confirm the definition of two factor auth.
Nope I'm not loosing my mind, the blog post is insane....1 -
"How do we share access to two-factor authentication."
What you mean is "how do we defeat the purpose of multi-factor authentication."
4 -
Slack is cool and all... But do we really have to have an "account per team" ? Damn I cringed so hard when I was setting up two-factor authentication and realized it was this way... Wtf...6
-
Three-factor authentication:
1. Setup an Amazon.com account.
2. Setup an Amazon Web Services account under the same e-mail address
3. Setup two-factor authentication for both systems.
4. Login to Amazon Web Services in a new browser session, and you'll be required to provide BOTH security tokens at login (Amazon.com first, then AWS second.)3 -
Definitely andOTP, my two-factor authentication app for Android: https://github.com/andOTP/andOTP
The only thing cooler will be once I finished to rewrite it from scratch to get rid of the legacy code from before I forked it.7 -
My biggest challenge has been moving away from an unmaintainable Java/Tomcat/Spring Security application server to a Node.js/Express application server. That handles single sign on and two factor authentication. In 2 weeks.
I'm a front end dev. I'm sure it's fine 😓6 -
Why the fuck is debit cards that don't need a PIN for transactions even a thing? What is so difficult to understand or implement in a two factor authentication? Like do these companies have meetings where some fucktard proposes removing a crucial security feature and the others just nod approval?6
-
I recently went to an office to open up a demat account
Manager: so your login and password will be sent to you and then once you login you'll be prompted to change the password
Me: *that's a good idea except that you're sending me the password which could be intercepted* ok
Manager: you'll also be asked to set a security question...
Me: *good step*
Manager: ...which you'll need to answer every time you want to login
Me: *lol what? Maybe that's good but kinda seems unnecessary. Instead you guys could have added two factor authentication* cool
Manager: after every month you'll have to change your password
Me : *nice* that's good
Manager: so what you can do change the password to something and then change it back to what it was. Also to remember it keep it something on your number or some date
Me: what? But why? If you suggest users to change it back to what it was then what is the point of making them change the password in the first place?
Manager: it's so that you don't have to remember so many different passwords
Me: but you don't even need to remember passwords, you can just use softwares like Kaspersky key manager where you can generate a password and use it. Also it's a bad practice if you suggest people who come here to open an account with such methods.
Manager: nothing happens, I'm myself doing that since past several years.
Me: *what a fucking buffoon* no, sir. Trust me that way it gets much easier to get access to your system/account. Also you shouldn't keep your passwords written down like that (there were some password written down on their whiteboard)
Manager: ....ok...so yeah you need sign on these papers and you'll be done
Me:(looking at his face...) Umm..ok4 -
A couple of weeks ago my work email got hacked, I found out because he/she was sending phishing mails to yahoo emailaddresses, but they couldn't be delivered because they were marked as phishing.
I've immediately changed my password and turned on two-factor authentication, shared my story with my boss and now we use two-factor authentication for every service where it is possible.2 -
So I was having problem logging in to slack. It seemed like their two-factor authentication was not working. So I kept on pondering and pondering. Then suddenly a light bulb was lit in my brain. I said to myself, "what would an ordinary muggle do? They surely will click on this contact us button and raise a ticket with them." So that's exactly what I did.
so after a while slack did sent me 16 text messages together as a sweet reward of my trials. I was happily working in Slack and then I realised they in fact did answer my ticket. The only thing is I just needed to log in to get the answer I need. I am happily reminded I wasnt the only fuckwit left into existence... -
Am I incredibly paranoid with my idea of multiple(>2)-factor-auth like fingerprint+yubikey+password+OTP aso?4
-
My concern only goes so far...
‘Wow! Two factor authentication is not main stream... Are you f*cking kidding me? And you own bitcoin!’
‘No, I have ripple.’
‘Oh, well, not bothered then.’
Top Tags
Weekly Rant
View